Researchers at Trillex discovered an unauthenticated Remote Code Execution (RCE) vulnerability in 29 router models made by DrayTek. The vulnerability, tracked as CVE-2022-32548, carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical. The attacker does not need credentials or user interaction to exploit the vulnerability with the default device configuration, making the attack viable via the internet or LAN. Attackers who exploit this vulnerability could potentially perform the following actions:
- Complete device takeover
- Information access
- Setup stealthy man-in-the-middle attacks
- Change DNS settings
- Use the routers as DDoS or cryptominer bots
- Pivot to devices connected to the breached network
Researchers found that of the 700,000 online devices, 200,000 expose vulnerable services on the internet and are readily exploitable, while the other 500,000 may also be exploited using one-click attacks.